
    RSS Security Deadline

    By Jim Rapoza - April 30, 2012

      As we here at eWEEK Labs evaluate the next generation of Web browsers, operating systems, collaboration tools and other interactive applications, one feature keeps popping up again and again—namely, integration with RSS feeds.

      RSS integration has already pretty much become a must-have feature for a whole host of products. Not having RSS integration is almost like not being able to use the Web at all.

      And I can see why many developers and businesses are flocking to support RSS. In addition to their popularity as the delivery method of choice for core Web 2.0 products, such as blogs and podcasting, RSS feeds have great potential for reliably delivering a wide assortment of content, files and even applications.

      But during the last year or so, many people have been asking an important question. Is RSS secure?

      It's vital that this question be answered in the next few months—before Microsoft releases its Internet Explorer 7 browser, which makes it much easier for novices to subscribe to RSS feeds, and before it releases Vista, which has RSS support built in. Both of these releases will have malware purveyors looking for ways to exploit the products' RSS integration.

      Looked at in its simplest form, there's nothing about RSS that should make it hard to secure. Based on XML and using standard Internet transmission techniques, RSS can tap all of the authentication and encryption technologies that are used to secure any Web-based content.

      However, RSS could become a major avenue of transmission for the bad stuff—namely, spam, Trojans and spyware.

      Many other Web 2.0 technologies are already dealing with their own forms of spam, with one recent report stating that a very large percentage of blogs on the Web today are actually spam blogs, or splogs.

      On a one-to-one basis, spam through RSS is hard to pull off, since a user receiving lots of spam through a feed will simply unsubscribe from that feed. However, the increased use of feed-aggregating sites makes it more likely that enterprising spammers will figure out a way to deliver their wares interspersed with legitimate feeds. Automated aggregating tools based on search terms are even more likely to be exploited by spam.

      RSS will almost certainly face spam problems, although, in my opinion, not to the level that e-mail currently does.

      The much bigger security concern when it comes to RSS is the use, or misuse, of the RSS enclosure tag.

      The enclosure tag, which enables podcasting and videocasting, makes it possible to deliver files through a feed. And the way this is implemented in RSS is very flexible—an RSS feed doesn't really care what the file type is. A file linked in an enclosure can be an MP3 audio file, an MPEG video file or even (insert ominous music here) an executable.

      There really isn't anything stopping someone from delivering malware such as viruses or spyware through an RSS feed enclosure tag. Some will say that this is unlikely to happen, as people will know from the feed where the content is originating. But recent experiences with malware delivered through Web sites show that getting bad content onto legitimate sites isn't a problem for the bad guys.

      So far, we haven't seen many cases of RSS being used as an avenue for security attacks. But once RSS is an integral part of the Microsoft browser and operating system, all that is bound to change.
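
      One way a feed reader or aggregator could screen enclosures before fetching them, shown as an added example that is not from the original column. The allowlists, the function name `audit_enclosures` and the sample feed are assumptions made for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed policy for this example: only common podcast/videocast media pass.
ALLOWED_TYPES = {"audio/mpeg", "audio/mp4", "video/mpeg", "video/mp4"}
ALLOWED_EXTS = {".mp3", ".m4a", ".mpg", ".mpeg", ".mp4"}


def audit_enclosures(feed_xml):
    """Return (item_title, url, reason) for each enclosure that fails policy."""
    # Refuse DTDs up front so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in feed_xml.upper():
        raise ValueError("feed contains a DTD; refusing to parse")
    findings = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.findtext("title", default="(untitled)")
        for enc in item.findall("enclosure"):
            url = enc.get("url", "")
            mime = enc.get("type", "").strip().lower()
            parsed = urlparse(url)
            ext = posixpath.splitext(parsed.path)[1].lower()
            if parsed.scheme not in ("http", "https"):
                findings.append((title, url, "unexpected URL scheme"))
            elif mime not in ALLOWED_TYPES:
                findings.append((title, url, f"type not allowed: {mime or 'missing'}"))
            elif ext not in ALLOWED_EXTS:
                # The declared type is only the publisher's claim; a media
                # type on a non-media file name is a mismatch worth blocking.
                findings.append((title, url, f"extension {ext or '(none)'} does not match declared type"))
    return findings


# Constructed sample feed (not real data).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example cast</title>
<item><title>Episode 1</title>
<enclosure url="https://feeds.example.com/ep1.mp3" length="123456" type="audio/mpeg"/></item>
<item><title>Episode 2</title>
<enclosure url="https://feeds.example.com/ep2.exe" length="99999" type="application/octet-stream"/></item>
<item><title>Episode 3</title>
<enclosure url="https://feeds.example.com/ep3.exe" length="99999" type="audio/mpeg"/></item>
</channel></rss>"""

if __name__ == "__main__":
    for finding in audit_enclosures(SAMPLE_FEED):
        print(finding)
```

      The third item shows why the declared type alone is not enough: the feed labels the file as audio, but the URL points at an executable.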

      So what should be done? Should businesses plan to ban RSS subscriptions? Should the RSS standard be changed to make it less attractive to hackers (and also less useful for everyone)?

      I don't think so. Many in the RSS community have been discussing these problems for a while now, and aggregators and tool vendors are taking steps to make it easier to detect unusual feed activity. And the last thing we want to do is cripple the functionality of such a promising technology.

      So RSS feeds aren't completely secure. But then again, what Internet-based technologies are?

      It's pretty much inevitable that there will be security problems involving RSS feeds. But as long as users, vendors and the RSS community are vigilant, RSS won't become a security problem itself.

      Labs Director Jim Rapoza can be reached at [email protected].

      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK. For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr. Rapoza's current technology focus is on all categories of emerging information technology, though he continues to focus on core technology areas that include content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.
